Skip to content

v7.1.14 - Security Release

Latest
Compare
Choose a tag to compare
@snipe snipe released this 14 Nov 00:19
· 79 commits to master since this release

Caution

This is a security release. All Snipe-IT users are strongly encouraged to upgrade.

Warning

FYI, in our excitement to get this released, we mistakenly tagged this as 7.1.14 instead of 7.0.14 (yay, automation, amirite?) Unfortunately, deleting tags makes this more difficult for our docker users, so we're just running with it. Sorry for the confusion, but you didn't miss anything, it was just a simple typo. We'll update the version.php file so at least they both agree. There are no new server requirements or libraries required outside of the standard 7.x.x requirements to handle this upgrade.

liz-lemon-wednesday

We seem to be getting a lot of mileage from that gif these days. 🫠

This is a security release that handles several CVEs, including CVE-2024-52301, which was just patched in the Laravel core yesterday.

While hosted customers were NOT affected (we do not have register_argc_argv enabled on any of our servers), self-hosted community users and support-only customers are encouraged to upgrade as soon as possible, or at the very least make sure that setting is not enabled in your php.ini.

In addition to the security patches, we have also added some new features, such as:

  • Ability to import Asset Models (without accompanying assets) via the Importer
  • Ability to override or null out the EOL date for assets via the asset bulk edit screen
  • Optimized some queries and indexes to speed things up a bit
  • Fixed a bug where OU was accidentally required to create locations via the GUI
  • Miscellaneous UI improvements and fixes
  • Full changelog can be found below

As always, still lots more on deck.

PS - we will likely be discontinuing posting updates on our Twitter account moving forward. Instead, find us in these other places:

What's Changed

New Contributors

Full Changelog: v7.0.13...v7.1.14